Date: Fri, 07 Feb 2014 12:44:38 +0000
From: Nicolas DEFFAYET <nicolas-ml@deffayet.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: IPsec filtertunnel broken on FreeBSD 10
Message-ID: <1391777078.27201.2.camel@srv31.corp.novso.com>
In-Reply-To: <52F4C41B.3030101@yandex.ru>
References: <1391725273.22934.16.camel@fr-wks3.corp.novso.com> <52F4C41B.3030101@yandex.ru>

On Fri, 2014-02-07 at 15:31 +0400, Andrey V. Elsukov wrote:
> On 07.02.2014 02:21, Nicolas DEFFAYET wrote:

Hello Andrey,

> > The IPsec filtertunnel is broken on FreeBSD 10: incoming packets
> > decapsulated are not going to firewall and to the pseudo interface enc.
> >
> > This issue affects 10.0-RELEASE and 10.0-STABLE.
> > 9.1-RELEASE and 9.2-RELEASE are not affected.
> >
> > Of course the sysctl show that filtertunnel is enabled:
> > net.inet.ipsec.filtertunnel=1
> > net.inet6.ipsec.filtertunnel=1
>
> Can you show what values do you have in the
> sysctl net.enc ?

I use default value (value not tuned in boot/loader.conf &
etc/sysctl.conf)

FreeBSD 9.1-RELEASE
net.enc.in.ipsec_bpf_mask: 1
net.enc.in.ipsec_filter_mask: 1
net.enc.out.ipsec_bpf_mask: 3
net.enc.out.ipsec_filter_mask: 1

FreeBSD 10.0-RELEASE
net.enc.in.ipsec_bpf_mask: 1
net.enc.in.ipsec_filter_mask: 1
net.enc.out.ipsec_bpf_mask: 3
net.enc.out.ipsec_filter_mask: 1

Many thanks for your help

--
Nicolas DEFFAYET